In distributed computing, components located on networked computers interact with each other in order to achieve a common goal. The networked components, which may include storage resources, can generally be shared by multiple users, particularly in the distributed computing paradigm known as “cloud computing.” In this context, data security is an important concern in the sharing of storage resources, since multiple users, who may otherwise have no relationship to each other, have access to the same data storage device.
Generally, data encryption is used to allow different users to share a particular storage device while keeping each user's data secured from the other users. For example, in a data storage device used in a distributed computing system, a different range of logical block addresses (LBAs) and a corresponding access key (or personal identification number (PIN)) may be assigned to each user that has access to the data storage device. The access key is generally used by the controller of the data storage device to encrypt the data stored in the LBA range to which the access key corresponds. Furthermore, the controller of the data storage device is configured to allow a user access to a particular LBA range only if the user can provide the access key that corresponds to that LBA range. In this way, a user is prevented from accessing the LBA range of a different user.
However, in the above-described technique, a user is still able to access any LBA range of the storage device if the corresponding access key is known, since the controller verifies the key that is presented rather than the identity of the requester. Furthermore, once an LBA range has been unlocked, including when it is unlocked improperly, the data stored in that LBA range is exposed to any user that can issue commands to the device until the range is locked again. Consequently, the security of data stored in an LBA range of the data storage device is limited by how securely the access key for that LBA range is stored and transmitted and by how correctly the programs in the hosts use the security protocol. In light of the above, there is a need in the art for more robust security of shared storage resources in distributed computing systems.
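The following is an added illustration of the per-LBA-range access-key scheme described above and of the two limitations just noted; it is example code written for this discussion, not code from the original document or from any particular storage product. The controller model, the class and function names, the PINs and the 16-byte block size are all assumptions made for the example. The range key is derived from the PIN with PBKDF2 and checked against a stored verifier, and a per-LBA HMAC keystream stands in for the AES-XTS that a real self-encrypting drive would use.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional

BLOCK_SIZE = 16          # bytes per logical block (toy size; real drives use 512 or 4096)
KDF_ITERATIONS = 100_000  # PBKDF2 work factor, assumed for the example


@dataclass
class LBARange:
    """One locking range: LBAs start..end (inclusive) tied to one access key (PIN)."""
    start: int
    end: int
    salt: bytes                   # per-range salt for deriving the range key from the PIN
    verifier: bytes               # HMAC over a fixed label; lets the controller check a PIN without storing it
    unlocked: bool = False
    key: Optional[bytes] = None   # held in controller RAM only while the range is unlocked


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class StorageController:
    """Toy model of a drive controller enforcing per-LBA-range access keys (assumed design)."""

    def __init__(self, num_blocks: int) -> None:
        self.media = bytearray(num_blocks * BLOCK_SIZE)   # ciphertext as stored on the medium
        self.ranges: List[LBARange] = []

    @staticmethod
    def _derive_key(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, dklen=32)

    @staticmethod
    def _verifier(key: bytes) -> bytes:
        return hmac.new(key, b"range-key-verifier", hashlib.sha256).digest()

    def create_range(self, start: int, end: int, pin: str) -> int:
        for r in self.ranges:
            if not (end < r.start or start > r.end):
                raise ValueError("LBA ranges must not overlap")
        salt = os.urandom(16)
        key = self._derive_key(pin, salt)
        self.ranges.append(LBARange(start, end, salt, self._verifier(key)))
        return len(self.ranges) - 1

    def unlock(self, range_id: int, pin: str) -> bool:
        """Unlocks the range if the PIN is right. Note: no check of WHO presents it."""
        r = self.ranges[range_id]
        key = self._derive_key(pin, r.salt)
        if not hmac.compare_digest(self._verifier(key), r.verifier):
            return False
        r.key, r.unlocked = key, True
        return True

    def lock(self, range_id: int) -> None:
        r = self.ranges[range_id]
        r.key, r.unlocked = None, False

    def _range_for(self, lba: int) -> LBARange:
        for r in self.ranges:
            if r.start <= lba <= r.end:
                if not r.unlocked:
                    raise PermissionError(f"LBA {lba} is in a locked range")
                return r
        raise PermissionError(f"LBA {lba} is not in any configured range")

    def _keystream(self, key: bytes, lba: int) -> bytes:
        # Per-LBA keystream standing in for AES-XTS. Rewriting the same LBA under the same
        # key reuses this stream (leaking the XOR of old and new plaintext); a real drive's
        # tweakable block cipher does not have that problem.
        return hmac.new(key, lba.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK_SIZE]

    def write(self, lba: int, data: bytes) -> None:
        r = self._range_for(lba)
        if len(data) != BLOCK_SIZE:
            raise ValueError("writes must be exactly one block")
        off = lba * BLOCK_SIZE
        self.media[off:off + BLOCK_SIZE] = xor_bytes(data, self._keystream(r.key, lba))

    def read(self, lba: int) -> bytes:
        r = self._range_for(lba)
        off = lba * BLOCK_SIZE
        return xor_bytes(bytes(self.media[off:off + BLOCK_SIZE]), self._keystream(r.key, lba))


def demo() -> dict:
    """Two users, two ranges; returns the observations discussed in the text."""
    ctl = StorageController(num_blocks=8)
    alice = ctl.create_range(0, 3, pin="alice-pin")   # constructed sample PINs
    bob = ctl.create_range(4, 7, pin="bob-pin")
    out = {}
    out["wrong_pin_rejected"] = not ctl.unlock(alice, "bob-pin")
    out["right_pin_accepted"] = ctl.unlock(alice, "alice-pin")
    secret = b"alice's payroll!"                        # exactly one 16-byte block
    ctl.write(0, secret)
    out["ciphertext_differs"] = bytes(ctl.media[:BLOCK_SIZE]) != secret
    # Limitation 1: the controller checked a PIN, not a requester. While the range is
    # unlocked, any host able to issue a read to the device gets Alice's plaintext.
    out["unlocked_range_readable_by_anyone"] = ctl.read(0) == secret
    ctl.lock(alice)
    try:
        ctl.read(0)
        out["locked_range_blocks_reads"] = False
    except PermissionError:
        out["locked_range_blocks_reads"] = True
    # Limitation 2: knowing another user's PIN is all it takes to open that user's range.
    out["leaked_pin_opens_other_range"] = ctl.unlock(bob, "bob-pin")
    return out
```

Running `demo()` shows the controller doing exactly what the text describes (wrong PIN refused, ciphertext on the medium, reads refused once the range is locked again) and also the two gaps: the read after unlocking succeeds for any caller, and possession of the PIN alone opens the other range. Both gaps follow from the fact that the only thing the controller authenticates is the key.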